[Dshield] UDP blocking

William Sipila william at osource.com
Fri Mar 15 18:17:16 GMT 2002

> From: Kelly Martin <kellym at fb00.fb.org>
> Subject: RE: [Dshield] UDP blocking
> Date: Thu, 14 Mar 2002 15:40:39 -0600

> DNS is UDP port 53.  Note also that queries go out (by default) on random
> UDP ports, and the replies come back to the same port the query originated
> from.  If you are not using a stateful firewall, you will have to either
> open all of UDP or lock your DNS client down to use a specified query

Mmm, yeah, that makes sense, since just opening port 53/UDP (no DNS service
on this box, just a plain old client) didn't accomplish anything.

This box is outside the firewall at the moment (only for like another week
or 2), so there's no protection other than selecting a few ports to be open
(thankfully it's not a critical or even very important box). If there's no
way to specify the DNS to query from a specific port in win2k (is there? I
couldn't find anything on it), what kind of trouble could I be getting into
if I open all my UDP ports back up (besides DoS, which seems to be the big
UDP vulnerability)?

	- will

    Developer/SysAdmin, OUTSOURCE Consulting Services, Inc. 
    william at osource.com | www.osource.com 
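The port behaviour Kelly describes, modelled as a small simulation (an added example, not code from anyone in this thread): a stateless filter that only admits inbound UDP to port 53 drops the resolver's reply because it is addressed to the client's random ephemeral port, a stateful filter that remembers the outbound query admits that one reply and nothing else, and "open all of UDP" admits the reply along with any unsolicited packet. The addresses and ports are constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    inbound: bool  # True when the packet arrives from the outside

# Constructed sample addresses (RFC 5737 documentation ranges).
CLIENT, RESOLVER = "192.0.2.10", "198.51.100.53"

def stateless_allow(pkt, open_ports):
    """Port-only rule: inbound UDP is admitted only if its dst port is open."""
    if not pkt.inbound:
        return True  # outbound traffic is not filtered in this model
    return pkt.dst_port in open_ports

class StatefulFilter:
    """Remembers outbound UDP flows; an inbound packet is admitted only when it
    is the mirror image of a flow the client started (or hits an open port)."""
    def __init__(self, open_ports=()):
        self.open_ports = set(open_ports)
        self.flows = set()

    def allow(self, pkt):
        if not pkt.inbound:
            self.flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return True
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return reverse in self.flows or pkt.dst_port in self.open_ports

def dns_exchange(ephemeral_port):
    """Query from a random client port to resolver:53, reply back to that port."""
    query = Packet(CLIENT, ephemeral_port, RESOLVER, 53, inbound=False)
    reply = Packet(RESOLVER, 53, CLIENT, ephemeral_port, inbound=True)
    return query, reply

def stateless_53_only(ephemeral_port=49152):
    query, reply = dns_exchange(ephemeral_port)
    return stateless_allow(query, {53}) and stateless_allow(reply, {53})

def stateless_all_udp(ephemeral_port=49152):
    """Returns (reply admitted, unsolicited packet admitted) with all UDP open."""
    all_udp = set(range(1, 65536))
    _, reply = dns_exchange(ephemeral_port)
    stray = Packet("203.0.113.7", 31337, CLIENT, 1434, inbound=True)
    return stateless_allow(reply, all_udp), stateless_allow(stray, all_udp)

def stateful(ephemeral_port=49152):
    """Returns (reply admitted, unsolicited packet to the same port admitted)."""
    fw = StatefulFilter()
    query, reply = dns_exchange(ephemeral_port)
    stray = Packet("203.0.113.7", 53, CLIENT, ephemeral_port, inbound=True)
    return fw.allow(query) and fw.allow(reply), StatefulFilter().allow(stray)
```

The unsolicited packet in the stateless_all_udp case is what the "open all of UDP" option exposes: every UDP service listening on the box becomes reachable, not just the DNS client's reply path.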

